This invention relates to cellular mobile telephone systems and, more particularly, to apparatus and method for automatically generating a private authentication key (A-Key) in a mobile station.
Current cellular mobile telephone systems typically include subscriber units, known as mobile stations (e.g., hand-held units or units installed in vehicles), which communicate with a cellular communications network via RF transmissions. A typical cellular communications network includes at least one base station which provides the means by which a mobile station accesses cellular network services. Cellular networks need to ensure that their services are being provided only to legitimate subscribers, and in order to ensure that only legitimate subscribers use available resources, cellular networks employ various systems to authenticate their users. In the cellular communications setting, the term "authentication" refers to the process during which information is exchanged between the mobile station and the base station for the purpose of enabling the base station to confirm the identity of the mobile station.
Generally, a cellular network authenticates a mobile station by comparing so-called "shared secret data" (SSD) stored in the mobile station with corresponding shared secret data stored in the cellular network. The shared secret data stored in the mobile station is derived from a combination of mobile station identifying data, random data supplied by the base station, and a private authentication key (A-Key). The mobile station identification data may include an electronic serial number (ESN) which uniquely identifies the mobile station to any cellular system, and which includes the identity of the manufacturer of the mobile station and the serial number assigned by the manufacturer to that mobile station, plus a mobile identification number (MIN) which is derived from the mobile station's 10 digit directory telephone number. The private authentication key (A-Key) is a secret number known only by the mobile station and the mobile station's "home" cellular system, and is used as an encryption key to encrypt various data.
In a typical cellular communications system, each subscriber unit (i.e., mobile station) is assigned a telephone number (i.e., the MIN) which uniquely identifies the subscriber to any cellular network. A mobile station's electronic serial number (ESN) also uniquely identifies the mobile station. The cellular network has access to the mobile identification number (MIN) and the electronic serial number (ESN) of a mobile station through a data base, and this information is used to bill subscribers for the time the subscriber uses the system. However, detection of a legitimate mobile station's mobile identification number (MIN) and its electronic serial number (ESN) may be accomplished by RF eavesdropping or by purposeful or inadvertent divulgence of this information by the cellular telephone installer. Once the mobile station's mobile identification number (MIN) and its electronic serial number (ESN), referred to as the MIN/ESN combination, are known, a thief (i.e., an unauthorized user) is able to reprogram another mobile station with the stolen information, causing two or more mobile stations to have the same MIN/ESN combination. Authorized subscribers would then be billed for calls made by the thief. In addition, since the MIN and ESN are transmitted without first being enciphered, RF detection of the MIN/ESN combination may easily be accomplished.
The current standardized method for authentication (and also for message encryption and information privacy in digital cellular systems) utilizes a private authentication key, known as the "A-Key". When a subscriber seeks to utilize the cellular network, the network generates and transmits a random number (RAND) to the mobile station. The mobile station then retrieves the values of its A-Key, its electronic serial number (ESN) and its mobile identification number (MIN) from its memory, and enciphers the ESN and MIN using the A-Key to transform the RAND into a signed response, which is then transmitted to the cellular network via a base station. At the same time, the network retrieves the values of the mobile station's ESN, MIN and A-Key from its data base, and generates an expected signed response value to the same random number (RAND) using the retrieved values. Upon receipt of the mobile station's signed response, the network compares the mobile station's signed response to the cellular network's generated expected signed response, and if the responses are substantially equivalent, authentication is confirmed. By enciphering these numbers, this system affords some protection against a thief who acquires the MIN/ESN combination of a mobile station.
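The exchange described above can be modelled as follows. This is an added example, not part of the original text: HMAC-SHA256 stands in for the enciphering algorithm, and the 32-bit ESN, the 4-byte RAND, the `HomeSystem` class and all sample identifiers are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def signed_response(a_key: int, esn: int, min_digits: str, rand: bytes) -> bytes:
    # Stand-in for the enciphering step (HMAC-SHA256, not the real algorithm),
    # keyed with the 64-bit A-Key. A 32-bit ESN is an assumption.
    msg = esn.to_bytes(4, "big") + min_digits.encode("ascii") + rand
    return hmac.new(a_key.to_bytes(8, "big"), msg, hashlib.sha256).digest()

class HomeSystem:
    def __init__(self):
        self.a_keys = {}   # (MIN, ESN) -> A-Key, the network's data base
        self.pending = {}  # (MIN, ESN) -> outstanding RAND

    def challenge(self, min_digits: str, esn: int) -> bytes:
        rand = secrets.token_bytes(4)  # RAND length is an assumption
        self.pending[(min_digits, esn)] = rand
        return rand

    def verify(self, min_digits: str, esn: int, response: bytes) -> bool:
        rand = self.pending.pop((min_digits, esn), None)  # each RAND is single-use
        a_key = self.a_keys.get((min_digits, esn))
        if rand is None or a_key is None:
            return False
        expected = signed_response(a_key, esn, min_digits, rand)
        return hmac.compare_digest(expected, response)  # constant-time compare

def demo():
    # Constructed sample identifiers, not real subscriber data.
    min_digits, esn, a_key = "5551230000", 0x9F001234, 0x0123456789ABCDEF
    net = HomeSystem()
    net.a_keys[(min_digits, esn)] = a_key

    rand = net.challenge(min_digits, esn)
    captured = signed_response(a_key, esn, min_digits, rand)
    legit = net.verify(min_digits, esn, captured)

    # A clone holding the MIN/ESN but only the factory-default all-zero A-Key.
    rand = net.challenge(min_digits, esn)
    clone = net.verify(min_digits, esn, signed_response(0, esn, min_digits, rand))

    # A response recorded off the air, presented against a fresh RAND.
    net.challenge(min_digits, esn)
    replay = net.verify(min_digits, esn, captured)
    return legit, clone, replay

if __name__ == "__main__":
    print(demo())
```

Only the holder of the A-Key answers a fresh RAND correctly; knowledge of the MIN/ESN combination, or of an earlier signed response, is not sufficient.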
The A-Key utilized to encipher the mobile station's MIN/ESN is represented by a 64 bit number in current cellular systems. This number is known only by the mobile station and the mobile station's home system (where it is retained in a home location register of the home cellular system) and is associated with the mobile station's MIN/ESN. When the mobile station is initially shipped from the manufacturer, the A-Key is set to the default value of all binary zeros. Upon installation of the mobile station (e.g., by the mobile station user or by a technician of a retailer of the mobile station), the installer contacts a selected cellular service provider (e.g., the customer service center of a cellular network) on a land-line telephone. The installer informs the service provider of the manufacturer of the mobile station and its serial number. The service provider verifies the manufacturer and the serial number (which has been uniquely assigned by the manufacturer) and instructs the installer to enter a special programming mode of operation of the mobile station. In the special programming mode, the mobile station generates and displays a random five digit "user selected value" (USV). Alternatively, the installer may be instructed by the service provider to randomly select the five digit user selected value USV, enter that number into the mobile station and notify the service provider of the selected USV over the land-line telephone.
The service provider issues the private authentication key (A-Key) to the installer over the land-line telephone, and the installer then enters the number into the mobile station. Present standards require that the issued A-Key must be at least six digits long but not longer than 26. If this number is less than 26 digits long, the leading most significant digits are set equal to zero in order to produce a 26 digit quantity called the "entry value". The mobile station checks the accuracy of the 26 digit (decimal) entry value by converting the first 20 digits into a 64 bit representation to serve as an input to the well-known cellular authentication and voice encryption (CAVE) algorithm, along with the mobile station's ESN. The algorithm produces an 18 bit response, which is compared to the binary equivalent of the last 6 entered digits. A match causes the 64 bit pattern to be written to the mobile station's semi-permanent memory as the A-Key. The cellular network also stores the 64 bit pattern as the mobile station's A-Key in its data base with the mobile station's ESN and MIN.
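The entry-value check described above can be sketched as follows. This is an added example, not part of the original text: CAVE itself is not reproduced, so a truncated HMAC-SHA256 stands in for the 18 bit response, and the function names, the 32-bit ESN and the sample values are assumptions.

```python
import hashlib
import hmac

def check_bits(a_key: int, esn: int) -> int:
    # Stand-in for CAVE (an assumption, not the real algorithm): an 18 bit
    # value derived from the 64 bit key pattern and the ESN.
    mac = hmac.new(a_key.to_bytes(8, "big"), esn.to_bytes(4, "big"),
                   hashlib.sha256).digest()
    return int.from_bytes(mac[:3], "big") >> 6  # keep the top 18 of 24 bits

def make_entry(a_key: int, esn: int) -> str:
    # Service-provider side: 20 key digits followed by 6 check digits.
    return f"{a_key:020d}{check_bits(a_key, esn):06d}"

def parse_entry(digits: str, esn: int) -> int:
    # Mobile-station side: returns the 64 bit A-Key or raises ValueError.
    if not (digits.isascii() and digits.isdigit()):
        raise ValueError("entry must contain decimal digits only")
    if not 6 <= len(digits) <= 26:
        raise ValueError("entry must be 6 to 26 digits long")
    entry = digits.zfill(26)            # leading digits set to zero
    key_val, check = int(entry[:20]), int(entry[20:])
    if key_val >= 1 << 64:
        raise ValueError("first 20 digits do not fit in 64 bits")
    if check >= 1 << 18:
        raise ValueError("last 6 digits do not fit in 18 bits")
    if check != check_bits(key_val, esn):
        raise ValueError("check digits do not match; A-Key not stored")
    return key_val

if __name__ == "__main__":
    esn = 0x9F001234                    # constructed sample ESN
    entry = make_entry(0x0123456789ABCDEF, esn)
    print(entry, hex(parse_entry(entry.lstrip("0"), esn)))
```

Two range checks are needed because 20 decimal digits can exceed 64 bits and 6 decimal digits can exceed 18 bits, so a well-formed entry can still be unrepresentable.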
Although the above described enciphering method ensures some protection against unauthorized use by a "clone" mobile station, the manual entry of the A-Key into the mobile station requires knowledge of the value of the A-Key by the installer of the mobile station and the customer service representative of the cellular service provider. In addition, unauthorized divulgence of the A-Key may be accomplished by intercepting this information via the land-line telephone or other unlawful methods. In addition, since the entry number is entered manually by the installer, such entry is both cumbersome and prone to errors. For these reasons, there exists a need to eliminate the manual entry of the A-Key into the mobile station, and a means for generating the A-Key which does not unnecessarily divulge the A-Key.